Setup cmdaemon to allow an AJAX console

The AJAX console in the JSON cmgui allows shell commands to run on the cluster.

1. Enable the AJAX console in cmdaemon, by editing, on the head node, the configuration file:

/cm/local/apps/cmd/etc/cmd.conf

and setting the directive:

EnableShellService = true

2. Restart cmdaemon to make the change live:

[root@head ~]# service cmd restart

Allow the admin user to have cmgui JSON access from a user account

Due to technical reasons, cmgui can no longer use the admin.pfx certificate. Instead JSON cmgui connects with the username, password combination used by normal ssh access to the cluster. A certificate is still required to determine user credentials.

For admin users (admin has the ADMIN profile), the default admin cmsh certificate can be associated with a regular user account used by the admin. The viewability of the certificates must be restricted for security reasons. For example for the regular user account "fred", to associate it with admin privileges, the configuration could be done as follows from a bash prompt on the head node: user=fred cmsh -c "user add user $user; set password $user; commit" if [ -e /etc/SuSE-release ]; then group=users else group=$user fi mkdir -p /home/$user/.cm cp -r /root/.cm/cmsh /home/$user/.cm/cmsh chown $user:$group -R /home/$user/.cm chmod go= /home/$user/.cm/cmsh/admin.{pem,key}

Create a certificate with an associated profile for a regular user to have cmgui JSON access from a user account

For users who do not have an ADMIN profile, a separate certificate needs to be created. This certificate can be created in cmsh:

The cm-create-certificate.py2 script attached to this article is not supported, but can be regarded as a basis for anyone who wants to use Python.

A regular user associated with a non-admin certificate can then use cmgui JSON with reduced privileges, as defined by the tokens in the profile of the user certificate (see the Admin Manual, User Management section for details on profiles and tokens with certificates).

Allowing cmgui JSON access for root

By default root cannot use the JSON cmgui.

1. To enable root to use it, edit:

/cm/local/apps/cmd/etc/cmd.conf

and add the line (or merge the AdvancedConfig definitions)

AdvancedConfig = { "AllowJSONfromRoot=1" }

2. Restarting cmdaemon makes the change live:

[root@head ~]# service cmd start

Running JSON cmgui

1. For Linux: Unzip the cmgui-json zip file into a directory of your choice:

2. For MS Windows: run the install.cmgui.json.6.0.r4100.exe (exact version number may be different) executable

from the directory of your choice.

3. Run cmgui. Fill in your user credentials when prompted, and then go ahead and use cmgui.

Warning: the password is saved as plain text, when stored in the cluster settings. Leaving the password blank will cause a prompt every time a connection to the cluster is established and the password will never be saved.